Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
framework vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-32877
Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting (XSS) vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 (2.0.49.3). This issue lies in the ...
NA
CVE-2024-35222
Tauri is a framework for building binaries for all major desktop platforms. Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the `dangerousRemoteDomainIpcAccess` in v1 and in the `capabilities` in v2. Valid command...
NA
CVE-2023-52861
In the Linux kernel, the following vulnerability has been resolved: drm: bridge: it66121: Fix invalid connector dereference Fix the NULL pointer dereference when no monitor is connected, and the sound card is opened from userspace. Instead return an empty buffer (of zeroes) as th...
NA
CVE-2021-47412
In the Linux kernel, the following vulnerability has been resolved: block: don't call rq_qos_ops->done_bio if the bio isn't tracked rq_qos framework is only applied on request based driver, so: 1) rq_qos_done_bio() needn't to be called for bio based driver 2) rq...
NA
CVE-2024-2697
The socialdriver-framework WordPress plugin prior to 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which coul...
NA
CVE-2024-21861
Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
NA
CVE-2023-35192
Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
NA
CVE-2023-43748
Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
NA
CVE-2024-4181
A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a mali...
NA
CVE-2024-4367
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
6 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »